From 52f4e0faccc014928d2f6f39868c6480b0b9a22c Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Mon, 25 Feb 2019 10:58:43 +0100
Subject: [PATCH] exec: expose --preserve-fds

The implementation is already there, we only need to add the CLI
option and pass it down.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 exec.go                     |  5 +++++
 man/runc-exec.8.md          |  1 +
 tests/integration/exec.bats | 11 +++++++++++
 3 files changed, 17 insertions(+)

diff --git a/exec.go b/exec.go
index ae8e60e4263..62ab4662548 100644
--- a/exec.go
+++ b/exec.go
@@ -89,6 +89,10 @@ following will output a list of processes running in the container:
 			Usage:  "disable the use of the subreaper used to reap reparented processes",
 			Hidden: true,
 		},
+		cli.IntFlag{
+			Name:  "preserve-fds",
+			Usage: "Pass N additional file descriptors to the container (stdio + $LISTEN_FDS + N in total)",
+		},
 	},
 	Action: func(context *cli.Context) error {
 		if err := checkArgs(context, 1, minArgs); err != nil {
@@ -141,6 +145,7 @@ func execProcess(context *cli.Context) (int, error) {
 		pidFile:         context.String("pid-file"),
 		action:          CT_ACT_RUN,
 		init:            false,
+		preserveFDs:     context.Int("preserve-fds"),
 	}
 	return r.run(p)
 }
diff --git a/man/runc-exec.8.md b/man/runc-exec.8.md
index 318d4a4300f..91bb028979d 100644
--- a/man/runc-exec.8.md
+++ b/man/runc-exec.8.md
@@ -28,3 +28,4 @@ following will output a list of processes running in the container:
    --no-new-privs                           set the no new privileges value for the process
    --cap value, -c value                    add a capability to the bounding set for the process
    --no-subreaper                           disable the use of the subreaper used to reap reparented processes
+   --preserve-fds value                     pass N additional file descriptors to the container (stdio + $LISTEN_FDS + N in total) (default: 0)
diff --git a/tests/integration/exec.bats b/tests/integration/exec.bats
index 5ad6c65c393..c598718dee8 100644
--- a/tests/integration/exec.bats
+++ b/tests/integration/exec.bats
@@ -127,3 +127,14 @@ function teardown() {
 
   [[ ${output} == "uid=1000 gid=1000 groups=99(nogroup),100(users)" ]]
 }
+
+@test "runc exec --preserve-fds" {
+  # run busybox detached
+  runc run -d --console-socket $CONSOLE_SOCKET test_busybox
+  [ "$status" -eq 0 ]
+
+  run bash -c "cat hello > preserve-fds.test; exec 3<preserve-fds.test; $RUNC --log /proc/self/fd/2 --root $ROOT exec --preserve-fds=1 test_busybox cat /proc/self/fd/3"
+  [ "$status" -eq 0 ]
+
+  [[ "${output}" == *"hello"* ]]
+}